Home > Articles > Cisco Network Technology > Wireless/Optical/High Speed > Moving to WPA/WPA2-Enterprise Wi-Fi Encryption

Moving to WPA/WPA2-Enterprise Wi-Fi Encryption

Article Description

Wi-Fi networks in businesses (no matter how small) should be using the Enterprise mode of WPA or WPA2 encryption. Eric Geier, the author of Wi-Fi Hotspots: Setting Up Public Wireless Internet Access, shows you how to move from the Personal (PSK) mode to the Enterprise (RADIUS) mode.
The Different Flavors of EAP

The Different Flavors of EAP

The brain behind 802.1X authentication is actually the Extensible Authentication Protocol (EAP). There are many types or favors of EAP. The type an organization should use depends upon the desired level of security, desired complexity, and the server/client specs.

Here are the most popular types:

  • PEAP (Protected EAP): This method is one of the most popular and easy-to-implement EAP types. It authenticates end-users via usernames and passwords they must enter when connecting to the network.
  • The authentication server can also be validated during PEAP authentication when an SSL certificate is installed on the server. This type is supported by default in Windows.
  • TLS (Transport Layer Security): This type is one of the most secure flavors, but takes more to implement and maintain. Both client and server validation is done via SSL certificates. Instead of providing a username and password when connecting, end-user devices or computers must have a SSL certificate file loaded into its 802.1X client.
  • The administrators control the certificate authority (CA) and hand out the client certificates, giving administrators more control, but requiring more administrative time.

  • TTLS (Tunneled TLS): An improved version of TLS that doesn't require client-side security certificates, reducing overhead to manage the network. However, this EAP type doesn't have native support in Microsoft Windows; it requires a third-party client like SecureW2.
5. Your Next Steps | Next Section Previous Section